Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
19-02-2024 03:44
General
-
Target
2024-02-19_824b3bd8c222fcdbc3e533c9c859236f_goldeneye.exe
-
Size
197KB
-
MD5
824b3bd8c222fcdbc3e533c9c859236f
-
SHA1
6d8373ce4735a22ad1cf27660f01776c3624a48d
-
SHA256
89cb50d7ef8764e6651f530632d972d9003683f06b28ac58be4048996ebe5c83
-
SHA512
e0de70d5ac1e7528e3c5bb2eab13f21ed90f340ad32aa7f89a535655430aaaaf232923d6519fa741115d550c73569f2b74e06365e48f158f17086762799e17a1
-
SSDEEP
3072:jEGh0oSl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGwlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-19_824b3bd8c222fcdbc3e533c9c859236f_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-19_824b3bd8c222fcdbc3e533c9c859236f_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8B25B987-64FE-4d0b-BA42-232FC11A2E61}.exeC:\Windows\{8B25B987-64FE-4d0b-BA42-232FC11A2E61}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BEBC3EB2-7FB8-4488-9C43-A7936241BB2C}.exeC:\Windows\{BEBC3EB2-7FB8-4488-9C43-A7936241BB2C}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BEBC3~1.EXE > nul4⤵
-
-
C:\Windows\{6607C6B6-4096-47b7-A714-7C54F01B5E21}.exeC:\Windows\{6607C6B6-4096-47b7-A714-7C54F01B5E21}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F8C71CB3-28AD-4a20-94F4-9DD5BC35E74F}.exeC:\Windows\{F8C71CB3-28AD-4a20-94F4-9DD5BC35E74F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1BB23ED7-80B6-4483-9018-F568C0AA2067}.exeC:\Windows\{1BB23ED7-80B6-4483-9018-F568C0AA2067}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{24BFFEC8-4466-46b2-B00F-59A1B912E152}.exeC:\Windows\{24BFFEC8-4466-46b2-B00F-59A1B912E152}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EB7F518C-A8E2-4c47-8407-58555E239EC5}.exeC:\Windows\{EB7F518C-A8E2-4c47-8407-58555E239EC5}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B7EF2256-4733-499a-8ECE-0B0A017BE97B}.exeC:\Windows\{B7EF2256-4733-499a-8ECE-0B0A017BE97B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7781B390-5A74-4c43-AE02-EF4BA64BF6E7}.exeC:\Windows\{7781B390-5A74-4c43-AE02-EF4BA64BF6E7}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{24805002-2D62-4a5b-830C-4FBEB5E749AE}.exeC:\Windows\{24805002-2D62-4a5b-830C-4FBEB5E749AE}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CBB15087-C350-4b64-BB82-D03FA051592F}.exeC:\Windows\{CBB15087-C350-4b64-BB82-D03FA051592F}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{BEC1E84E-4CE4-40ac-949E-A6E673D36DF7}.exeC:\Windows\{BEC1E84E-4CE4-40ac-949E-A6E673D36DF7}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CBB15~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{24805~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7781B~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B7EF2~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EB7F5~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{24BFF~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1BB23~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F8C71~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6607C~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8B25B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5c6abcf06fcdf709eddcb841b15b725e5
SHA1005731901d199543099210f314ebef1719a5765b
SHA25658c5cc6a927916b68cb6880b761eeecc92b9b767dde7d3aa0340d365754e444b
SHA5120fd70e873cef028a0fb3db56fe298853da9f2daf2678a7fab84981dbf29ec1be917df98290d1e2bac7d89e569a30d576b7d141017a4a7ecd08946496093a8115
-
Filesize
197KB
MD5016ef391dbbb2d85796f3befa78eee39
SHA198479afdc89813ede552f07e1282019450c1bf69
SHA2566fec6e94ecede028c6548cc987ffb5a05d93da33866d37425e3e16bd63b55991
SHA5121c92b9400e5e186c762b2d9d92191c2fba661ba6be98b468d523cd812765ee973a84370870fe444b625137f1fe935ad0ce6b12999b3a3075c73afbf4fc1795bb
-
Filesize
197KB
MD5ab24b5c891a6aec81b4458981b16d35f
SHA103941288618048049a8c99158763b2ff562dad2b
SHA2563a65c68405156b703468e04824ce1f51dbef5f930e8ff2720b8a16ea3a8dbce7
SHA5128d0f5fbd8e58c258c0a8b2fab9bc3d973041dc5e58f01e9e0c0553a01ed9c1ecb6238a74a021bf57ac4cd1d846f6e87df18a3ad36ac52b9acb7fbe3096e4e819
-
Filesize
197KB
MD52f491bac716a95e8290945a5f9ae9dfa
SHA17b27e23bcec0ee4ee2b382c429b4c3a8e6cf3163
SHA256d5af525fefeaf921750c9581654838322aa03e95223664deacb6d8a638fc9fd8
SHA5129020a27648b6bd09d9ed94e7650f28d203ee03a4b55b8eab6b9267fa31b9aa54dbfdde83309fd574448f61daf2b1630dc7a7282dd800dbe660f102fd087bb3da
-
Filesize
197KB
MD5a2a8a46fe4cfb3d772fee09157253dcf
SHA184dfe13f5f12376895da8135ab103e842aabd848
SHA2566a14a711f852e21d15cc35b962b76df0be15e550ba14d11744ba254a981e0674
SHA512ba3c12d64508a7ade8fecab91cbd7f161124059f813d964e7779bf28fbf2fdbed1c19e426d70f70495fdb2fc57311ccef285248ab39b0cbc685a0c045d26154d
-
Filesize
197KB
MD532de64b2b0c9365f3e51a013be8edf23
SHA112c290c7c3f15406d810d533fd197f61bfb5e4c6
SHA256522fb65fbba455675d4df3a8e3f62d9dd1845b8e3591f160560558436812765b
SHA5122fae93a24205fd1697af043cc8b820ee41c92570f2e97558072f5de787fcd94426565718613261737dd824c2c76bc09649732dfe10e7a6cd1e60a36c4245aead
-
Filesize
197KB
MD511d7c1517034e1c02dda0cac9b05ac93
SHA16beb92ef86dc43a7ee1321c4265471d76614f14f
SHA256c64dee90aa60ccd3d9ed0c0deb5a73a09eaa612afa83f0a4f9fae90d5acb431c
SHA512c5f23d832fd2411180614645783d1db192b20d3dfdc4636d7fdc8bc86e52d50d16d2a20a6f82d76e16911c5e1aecc7f53d0e11693b8fd3261152cb7db09afcdf
-
Filesize
197KB
MD5ee488f777d9dbe7ff3b2a0e606125538
SHA14f8e8fe62caa13f0e3d360ae3256f32f512bc158
SHA25613db288d0bb2db1a941fddc7615f12387dfeed4bbbdcc59b002cf398af03a045
SHA5124f0a0073d30f031413faa16e2219500b9997fe7da657e98a5f5491877a9971b3ed95bc25403d5be4c6b758474b166c64a5b5aed91a6f4a67858735fb972f76d9
-
Filesize
85KB
MD5ecbaca191d2788ec24786580480fa2e4
SHA1e04788a0060a106cdf65efc2242ce79bb175b329
SHA2562bb52cc861090be5741056cab1ca97798530f95c055188dde05ca3a3aef5e45b
SHA512723f9b242ff2badc910d3916ab3a0ae7e82bff604e31bb37e9cfd51f6a1966876648af6fd83ae2803cb7f3a13ba5402fd9f208535dc0ec49f394a2ccf4f44cc7
-
Filesize
197KB
MD53317b8d406c6611c1ce81517e712a8a1
SHA128c9ddda4b040b70ec88efa83eecd8fbcb530aae
SHA256cfc234ff48b13cf93879f9c7ef911ee867728817bc8aa69022ce8ae295af0546
SHA5120cad6d1556fb4dd5e7dce0e23297fe066d6045cbd257e342c5c358099ac9dbbebe26fd1cf8cccf152fbe2b86c40201bee12d10976a24c0c5db1eb76dc362e4b4
-
Filesize
197KB
MD5d617c074064eb26675972aaa670eae1d
SHA14410a916f22ef1ef7def3ea997f24bc4300b9227
SHA2564307d809a85861e955083d3a2a938c6a3046187f7b03d505e974d40bb481e936
SHA51246bcfbea2f8471868a6089e46875e613b1011c2f203e13c9a5d7fd11d3064cf30d88c78786c262f972adda1e5120d057f7e95d7a5f3e64c1eaff28f4a40f073b
-
Filesize
197KB
MD5522a590d4c923dfe1fe3e72487a99c3a
SHA1386e4610851c5e5263b0b152e20cd6e0e4aad514
SHA256986c8da0ca9b9e5c81ef3bfd6def163a866049e9465bda5ea1511db78dac0829
SHA5122cf32fc7d634fe7c26b07982806bfca83b0e0dccfc641906f3673187b166b5109b932b66da39441b03b511d7f6acbc9e5df8a98eef58e6e23e6fdee141339946
-
Filesize
197KB
MD50ae091dd87118fe7fe4741c9bf447d11
SHA1a95b6bcdf5a928963a4f7d28255dc4d509a132b0
SHA2566314c04296ffdb0dcae4aebec92df236e46b92286e8f8597ddb7a46176d15b19
SHA512ad46cecbc3a9f849c8c82ed74921b3a380bb99b4eca46237c16609eba764a2b46d4dd303645f968fc67e0afa15163c2bff1a948bd72b2979343e074b8c7420c9